CVE-2012-4684

The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service resource consumption via a valid modified signature for a...

CVE-2016-11032

An issue was discovered on Samsung mobile devices with M6.0 software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 November 2016...

CVE-2010-1568

The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to obtain cleartext contents of e-mail messages that were intended to be encrypted, aka bug 65623...

CVE-2017-11180

FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in 1 the User-Agent header of an HTTP request or 2 the username entered on the login screen...

CVE-2017-1000195

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...

CVE-2017-1000197

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server...

CVE-2015-7839

SolarWinds Log and Event Manager LEM allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality...

CVE-2013-5533

The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334...

CVE-2009-1344

Cross-site scripting XSS vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality...

CVE-2004-2407

Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality...

CVE-2005-4862

The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password...

CVE-2025-26867

Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11...

CVE-2025-48009

Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12...

CVE-2025-48009

Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12...

CVE-2025-48011

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0...

CVE-2025-48010 One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-061

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0...

CVE-2025-48010 One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-061

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0...

CVE-2025-48010

CVE-2025-48010 describes an authentication bypass in the Drupal One Time Password module. Affected versions are 0.0.0 through 1.3.0, where an alternate path or channel could bypass normal authentication, effectively bypassing functionality. The issue is documented across multiple trusted sources ...

CVE-2025-48009 Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060

Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12...

CVE-2025-48009 Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060

Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12...